Careless staff expose firms to cyber criminals

JOHANNESBURG – UNINFORMED and careless workers’ inappropriate use of information technologies are putting small South African companies’ cyber protection in jeopardy.

This according to a global security company, Kapersky Lab, which concludes small companies of up to 50 employees are significantly less concerned about employee activities leading to cyber-security breaches than larger corporations.

Only 36 percent of small businesses worry about their staff’s carelessness while more than half of medium-sized and large enterprises consider it a major concern, says the IT Security Risks Report 2016 by Kaspersky Lab.

According to the survey, employee actions are among the top three security challenges that make companies worldwide feel vulnerable.

In South Africa, more than half (78 percent) of the businesses that experienced cyber-security incidents in 2016 admitted that careless and uninformed employee behaviour had been a contributor.

Locally, 76 percent of companies (large and small businesses) reported that the amount of smartphones used for work had increased over the last three years and 68 percent confirmed that the same is applicable for tablets.

This new business reality is forcing management to pay more attention to IT security and the centralised control of potentially dangerous employee activities, even in the smallest businesses.

“In small businesses without dedicated IT personnel, it is often the case that staff have to implement cyber-security themselves – for example, by installing free antimalware solutions with limited functionality, says Vladimir Zapolyansky, Head of SMB (small- and medium-sized businesses) Marketing, Kaspersky Lab.

“This poses major risks for a company because one employee’s carelessness can easily affect all data within the organisation – leading to instant losses in time, clients’ data and money,” says Zapolyansky.

He urges businesses to implement solutions specifically designed for small and medium-sized businesses, with protection that any IT administrator, even with low IT skills, can easily maintain from everywhere.